问题描述
上下文
我正在构建一个 php 网络应用程序,该应用程序需要将文件上传到属于用户的 Google 云端硬盘(我们称他为 Bob).我使用了 Google 云端硬盘服务帐户(我们称之为 service@gmail.com).
Bob 在他的 Google Drive 中创建了一个文件夹(上传")并与 service@gmail.com 共享.
服务帐户 (service@gmail.com) 可以使用 Drive API 列出该共享上传文件夹中的文件并将文件上传到该文件夹.上传的文件也会显示在 Bob 的 Google Drive 中.到目前为止一切顺利.
问题
service@gmail.com 上传的文件的所有者是 service@gmail.com,正如人们所预料的那样.这会产生以下后果:
- 由于 service@gmail.com 是已上传文件的所有者,因此它们会计入该帐户的配额.但是,Bob 为他的 Google 云端硬盘购买了更多空间,并希望上传的文件计入他的配额,以免服务帐户中的空间用完.
- 当之前由 service@gmail.com 上传的文件被(由 Bob)从共享上传文件夹中删除时,会发生以下情况:
- 已删除的文件不会显示在任一用户的上传文件夹中.
- Bob 仍然可以在他的所有项目"视图中看到已删除的文件.
- 当服务帐户通过 API 列出所有文件但它没有任何父文件(即它是孤立的)时,已删除的文件仍然会出现问题.
- 通过API获取已删除文件详情时,显示配额已用完.
怎么办?
如何(干净地)处理这个用例?我看到了 2 种可能的解决方案:
- 这行不通!首先,它不适用于普通帐户的上传文件.其次,服务帐户有一个电子邮件@developer.gserviceaccount.com,而Bob 的帐户有@gmail.com.doc 说:
Google Apps 客户:您不能让域外的人成为您 Google 文档的所有者.只有 Premier、Government 和 Education 域中的 Google Apps 客户可以转让已同步或上传文件(如 PDF 或图像文件)的所有权.
Consumer Drive 用户:您不能转让已同步或上传文件(如 PDF 或图像文件)的所有权.
- 不要使用服务帐号,而是让网络应用直接使用 Bob 的帐号.但是,这确实需要为 Bob 获取 OAuth 访问令牌.此外,使用具有共享上传文件夹的服务帐户允许我将服务帐户的访问权限限制为仅上传文件夹.
- 定期搜索服务帐户中的孤立文件以清理它们.但是,这并不能解决用于未删除文件的配额问题...
请帮忙!
我认为你应该看到这个页面:执行 Google Apps 域范围的授权.此页面显示如何使用 SA 代表 Bob 用户调用请求.此页面包含描述如何为 Bob 创建 Drive 对象的 Java 代码.使用此 Drive,您将能够上传文件,文件的所有者将是 Bob 而不是 service@gmail.com.我经常使用这种方法,它对我有用.
Context
I'm building a php web app that needs to upload files to a Google Drive which belongs to a user (let's call him Bob). I used a Google Drive service account (let's call it service@gmail.com).
Bob created a folder ("uploads") in his Google Drive and shared it with service@gmail.com.
The service account (service@gmail.com) can user the Drive API to list the files in that shared upload folder and upload files to it. The uploaded files show up in Bob's Google Drive as well. So far so good.
The problem
The owner of the files uploaded by service@gmail.com is service@gmail.com, as one could expect. This has the following consequences:
- Since service@gmail.com is the owner of the uploaded files, they count against that account's quota. However, Bob purchased increased space for his Google Drive and wants the uploaded files to count against his quota to not run out of space in the service account.
- When a file previously uploaded by service@gmail.com is deleted (by Bob) from the shared upload folder, a few things happen:
- The deleted file does not show up in the uploads folder for either user.
- Bob can still see the deleted file in his "All Items" view.
- The deleted file still chows up when the service account lists all files through the API but it doesn't have any parent (i.e. it's orphaned).
- When getting the deleted file details through the API, it shows that it's using up quota.
What to do?
How can this use case be handled (cleanly)? I see 2 possible solutions:
- This does not work! First, it doesn't work with uploaded files for regular account. Second, the service account has an email @developer.gserviceaccount.com while Bob's account has @gmail.com. from the doc says:
- Don't use a service account and have the web app use Bob's account directly instead. This does require getting an OAuth access token for Bob however. Also, using a service account with a shared upload folder allowed me to restrict the access of the service account to only the upload folder.
- Periodically search for orphaned files in the service account to clean them up. This however does not solve the issue of the quota used for the non-deleted files...
Please help!
Info regarding offline access and access tokens
I think that you should see this page: Perform Google Apps Domain-Wide Delegation of Authority. This page shows how to use SA to invoke requests in behalf of Bob user. This page contains Java code which describes how to create Drive object for Bob. Using this Drive you will be able to upload file and the owner of the file will be Bob not service@gmail.com. I am using this method a lot and it works for me.
这篇关于使用带有 Google Drive API 的服务帐户进行配额、孤立文件和上传的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!